Tempra
Server hardening tool. Single binary. Knowledge built-in.
Tempra is a security knowledge engine. It detects your system, knows what needs hardening based on CIS benchmarks, generates a plan, applies it with native OS tools, and verifies the result.
$ tempra scan
OS: Linux
Distribution: ubuntu
Version: 24.04
Init system: Systemd
Package manager: Apt
$ tempra plan
[+] SSH: Disable root login (CIS-5.2.10)
[~] SSH: Set MaxAuthTries to 4 (CIS-5.2.7)
[+] Firewall: Enable UFW with deny incoming (CIS-3.5.1.2)
[+] Fail2ban: Enable SSH jail (NIST-AC-7)
$ tempra apply
4 changes to apply. Continue? [y/N]
Knowledge engine
Knows what to harden. No playbooks to write.
Native tools
Uses apt, systemctl, ufw, sysctl. Installs nothing extra.
Plan / Apply / Verify
See what changes before they happen. Verify after.
Idempotent
Run it again. Same result. No surprises.
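What a verify pass has to get right for the two SSH items in the plan output above, as an added example (not Tempra's code or output): sshd keeps the first value it reads for a keyword, so a hardening line appended below an older setting never takes effect, and a Match block can reopen a setting for some users. The sample config, the function names and the "4 or lower" rule are assumptions made for the example.

```python
# Added example, not Tempra's code. Reads sshd_config text only; Include files
# are not followed (on a live host, `sshd -T` prints the resolved configuration).

# OpenSSH built-in defaults, used when a keyword never appears.
DEFAULTS = {"permitrootlogin": "prohibit-password", "maxauthtries": "6"}

# Targets from the plan output. Treating values below 4 as passing is an assumption.
CHECKS = {
    "permitrootlogin": lambda v: v.lower() == "no",
    "maxauthtries": lambda v: v.isdigit() and int(v) <= 4,
}

# Constructed sample: a hardening line appended below an older setting.
SAMPLE_DRIFTED = """\
PermitRootLogin yes
MaxAuthTries 4
PermitRootLogin no
Match User deploy
    MaxAuthTries 10
"""

def effective_settings(config_text):
    """Parse as sshd does: first global value per keyword wins, and
    lines after a Match line belong to that conditional block."""
    settings, overrides, block = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            block = value
        elif block is None:
            settings.setdefault(key, value)  # later duplicates are ignored
        elif key in CHECKS:
            overrides.append((block, key, value))
    return settings, overrides

def verify(config_text):
    """Return findings; an empty list means both plan items hold."""
    settings, overrides = effective_settings(config_text)
    findings = [f"global {k}={settings.get(k, DEFAULTS[k])}"
                for k, ok in CHECKS.items()
                if not ok(settings.get(k, DEFAULTS[k]))]
    findings += [f"Match {b}: {k}={v}" for b, k, v in overrides if not CHECKS[k](v)]
    return findings
```

Calling verify(SAMPLE_DRIFTED) reports the global PermitRootLogin value as yes even though the file also contains "PermitRootLogin no", and flags the MaxAuthTries override in the Match block.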
Install
curl -fsSL https://tempra.sh/install.sh | bash
Quick start
curl -fsSL https://tempra.sh/install.sh | bash
tempra scan
tempra plan
tempra apply
Four commands. Fresh server to hardened server.
Not an Ansible replacement
Ansible executes steps you write. Tempra already knows what to do. It's the difference between a compiler and a linter — one runs your code, the other knows what's wrong.